UNITED STATES DEPARTMENT OF COMMERCE 
United States Patent and Trademark Office 
Address: COMMISSIONER FOR PATENTS 
P.O. Box 1450 

Alexandria, Virginia 22313-1450 
www.uspto.gov 

APPLICATION NO. . [ FILING DATE | FIRST NAMED INVENTOR | ATTORNEY DOCKET NO. | CONFIRMATION NO.~ 

10/035,724 11/07/2001 Marc Lamberton FR920000068US 1 4120 

7590 09/20/2005 | EXAMINER 

THOMAS A. BECK bengzon, greg c 

26 Rockledge Lane , . 

NewMilford, CT 06776 I art unit | papernumber 

2144 

DATE MAILED: 09/20/2005 




United States Patent and Trademark Office 



Please find below and/or attached an Office communication concerning this application or proceeding. 



PTO-90C (Rev. 10/03) 





Office Action Summary 


Application No. 

10/035,724 


Applicant(s) 

LAMBERTON ETAL 


Examiner 

Greg Bengzon 


Art Unit 
2144 





- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 



Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .1 36(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)S Responsive to communication(s) filed on 13 June 2005 . 
2a)M This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1 935 CD. 11, 453 O.G. 21 3. 

Disposition of Claims 

4) [>3 Claim(s) 1.2 and 9-20 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) ^ Claim(s) 1.2.9-20 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 

This application has been examined. Claims 1,2,9 - 20 are pending. Claims 1, 2, 

15, and 16 have been amended. Claims 3-8 have been cancelled. 

Priority 

This application claims benefit of priority from EPO Application 00480102.3 
dated November 14, 2000. 

The effective date of the subject matter of the claims in this application is 
November 14, 2000. 



Claim Rejections - 35 (JSC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1,2, 9 -12, 14, and 16-20 are rejected under 35 U.S.C. 103(a) as being 



unpatentable over Levi (US Patent 6636983) in view of Rowland (US Patent 6405318). 
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With respect to Claim 1 , Levi disclosed (Currently Amended) A method 
comprising: enabling surveillance of a computer-like device connected to a 
communications network including a Network Surveillance Server (NSS), (Levi - 
Column 3 Lines 55-65, Column 4 Lines 1-40) said network including the steps of: upon 
joining said communications network, said computer-like device logging-in to said NSS; 
(Levi - Figures 2 thru 4, Column 8 Lines 10-65) discovering at least one said NSS 
within said communications network; (Levi - Column 12 Lines 20-50) selecting one of 
said at least one NSS to perform the surveillance of said computer-like device; (Column 
5 Lines 40-45) sending credentials to said selected NSS; (Column 6 Lines 25-35) 
thereby, if accepted by said selected NSS completing log-in; however, if not accepted; 
aborting log-in; (Column 12 Lines 45) said NSS polling, said computer-like device while 
connected on said communications network, (Figure 16 Column 32 Lines 40-55) said 
polling step including said NSS determining if said computer-like device responds, 
(Column 4 Lines 20-45, CX 32 Lines 30-35) and if so, collecting information about said 
computer-like device (Column 8 Lines 10-65) and a registered user of said 
computer-like device, said collecting step being performed on top of said polling step 
and said checking step; (Column 4 Lines 20-45) said NSS issuing an alarm to a central 
surveillance unit if said computer-like device fails responding to polling; (Levi - Column 
32 Lines 20-54, Column 33 Lines 1-30) and allowing said computer-like device to be 
watched by NSS while being connected to said communications network. (Levi - 
Column 3 Lines 55-65, Column 4 Lines 1-40) 
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With respect to Claim 1 , Levi did not disclose of the method of Claim 1 
comprising of said computer-like device logging-out from said NSS prior to leaving said 
communications network. Levi did not disclose wherein prior to leaving said 
communications network, when it is desired to leave said communications network, said 
computer-like device sending credentials to said selected NSS, thereby, if log-out is 
accepted by said NSS stops polling, said computer-like device thus completing log-out; 
however, if log-out is not accepted, said NSS keeps polling, said computer-like device 
thus failing to complete log-out; said computer-like device logging-out from said NSS. 

With respect to Claim 1 , Levi did not disclose of the method of Claim 1 
comparing if said collected information matches records, in said NSS, about said 
computer-like device and said registered user, said comparing-step being performed on 
top of said polling step and said checking step. 

Rowland disclosed an intrusion detection system that monitors the user behavior 
in real time and compares said behavior according to a previously determined user 
profile indicating said user's normal behavior. (Rowland - Figure 5, Column 2 Lines 40- 
65, Column 7 Lines 40-55) In addition to session monitoring, Rowland disclosed of 
users logging out, and of a logout anomaly detector that would indicate if the user has 
logged off normally or otherwise, and issues alerts to the network administrator if any 
abnormal conditions are found. (Rowland - Figures 1-5B, Column 5 Lines 40-65, 
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Column 12 Lines 50-65) The logout anomaly detector includes polling the network 
device to determine the status of the logout process. (Column 10 Lines 50-55) 

Rowland disclosed the features of the invention as shown below. 

With respect to Claim 1 , Rowland disclosed the method of Claim 1 comprising of 
said computer-like device logging-out from said NSS prior to leaving said 
communications network. (Rowland- Figures 1-5B, Column 5 Lines 40-65, Column 10 
Lines 50-55) Rowland disclosed wherein prior to leaving said communications 
network, when it is desired to leave said communications network, said computer-like 
device sending credentials to said selected NSS, thereby, if log-out is accepted by said 
NSS stops polling, said computer-like device thus completing log-out; however, if 
log-out is not accepted, said NSS keeps polling, said computer-like device thus failing to 
complete log-out; said computer-like device logging-out from said NSS. (Rowland - 
Column 10 Lines 50-55) 

With respect to Claim 1 , Rowland disclosed the method of Claim 1 comparing if 
said collected information matches records, in said NSS, about said computer-like 
device and said registered user, said comparing-step being performed on top of said 
polling step and said checking step. (Rowland - Column 2 Lines 20-35, Column 3 Lines 
50-65, Column 9 Lines 20-50) 

Levi and Rowland are analogous art because they present concepts and 
practices regarding network monitoring for detecting abnormal activity in a network 
device. The Examiner respectfully suggests that it would have been obvious to a 
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person of ordinary skill in the art to combine the teachings of Rowland into the method 
of Levi , such that 1) the user is enabled to complete a logout process and such that the 
system is enabled to detect an abnormal logout condition, and 2) the method of Levi is 
able to compare real-time user behavior with previously established normal behavior. 
The suggested motivation for doing so would be, as Rowland suggests, by comparing 
the user behavior to the dynamically built user profile, false alarms for abnormal activity 
(such as a device being incorrectly tagged as 'stolen' due to abnormal logout 
conditions) are reduced. (Rowland Abstract) 

With respect to Claim 2, the combination of Levi and Rowland disclosed the 
method according to claim 1 , wherein there are a plurality of more than one said NSS 
present in said communications network. (Levi - Column 5 Lines 40-50) 

With respect to Claim 9, the combination of Levi and Rowland disclosed a 
method according to claim 1, wherein said communications network is an IP network 
and said polling step utilizes the IP PING' command. (Levi - Column 32 Lines 40-60) 

With respect to Claim 10, the combination of Levi and Rowland disclosed a 
method according to claim 1 , wherein said communications network is an IP network 
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and said polling step utilizes the IP Address Resolution Protocol (ARP). (Levi - Column 
32 Lines 40-60) 

With respect to Claim 1 1 , the combination of Levi and Rowland disclosed a 
method according to claim 1 , wherein said computer-like device is a mobile device. 
(Levi - Figure 1 1 , Column 20 Lines 40-60) 

With respect to Claim 12, the combination of Levi and Rowland disclosed a 
method according to claim 1 , wherein said computer-like device is voice enabled. (Levi - 
Figure 1 1 , Column 20 Lines 40-60) 

With respect to Claim 14, the combination of Levi and Rowland disclosed a 
method according to claim 1 , wherein said collected information about said computer- 
like device includes: a current geographic location; and an identification of a portal 
through which said communications network is accessed. (Levi - Column 6 Lines 25- 
60) 
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With respect to Claim 16, the Applicant claims a network surveillance system for 
carrying out the method according to Claim 1 . Claim 16 is rejected on the same basis 
as Claim 1. 

With respect to Claim 17, the Applicant claims a computer-like readable medium 
for carrying out the method according to Claim 1. Claim 17 is rejected on the same 
basis as Claim 1. 



With respect to Claim 18, the Applicant claims an article of manufacture for 
carrying out the method according to Claim 1 . Claim 18 is rejected on the same basis 
as Claim 1. 

With respect to Claim 19, the Applicant claims a program storage device 
readable by machine for carrying out the method according to Claim 1 . Claim 19 is 
rejected on the same basis as Claim 1 . 

With respect to Claim 20, the Applicant claims a computer program product for 
carrying out the method according to Claim 16. Claim 20 is rejected on the same basis 
as Claim 1 and 16. 
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Claims 13 and 15 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Levi (US Patent 6636983) in view of Rowland (US Patent 6405318) as applied to 
Claims 1-12, 14, and 16-20 above, and further in view of Lambert et al. (US Patent 
6367016), hereinafter referred to as Lambert . 

While the combined teachings of Levi and Rowland , when applied together, are 
enough to substantially disclose the invention as described in Claims 13 and 15, the 
combination of Levi and Rowland did not disclose the collection of biometric and 
personal credentials as follows: 

With respect to Claim 13, Levi and Rowland did not disclose a method according 
to claim 1 , wherein said collected information about said registered user includes: a 
typing speed over a keyboard; a voice intonation. 

With respect to Claim 15, Levi and Rowland did not disclose a method according 
to 1 , claim, wherein said credentials includes: knowing a personal identification number 
(PIN); knowing a password; and possessing a token or smartcard. 

Lambert disclosed of a method of controlling access to a network comprising of 
collecting biometric data in addition to the combination of passwords, PINs and 
smartcards in order to verify the identity and determine the access level of the user. 
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Lambert uses various machine readers to collect said user information. (Lambert - 
Column 3 Lines 25-50, Column 4 Lines 50-60) 

Levi , Rowland and Lambert are analogous art because they present concepts 
and practices regarding collection of unique or secret personal information from the user 
for network and device security purposes. The Examiner respectfully suggests that it 
would have been obvious to a person of ordinary skill in the art to combine the 
teachings of Lambert into the combined teachings of Levi and Rowland . The said 
combination would allow the user validator of Levi (Column 12 Lines 35-45) to permit 
entry upon verifying static logon credentials such as passwords and PINs. Furthermore 
the said combination would allow for collection of real-time information pertaining to 
user behavior, such as typing speed and voice intonation, for comparison with 
previously determined behavioral patterns. The suggested motivation for doing so 
would be, as Lambert suggests, to take advantage of smartcard technology which by 
incorporating within it active data processing and storage facilities, provides security 
and flexibility. (Column 1 Lines 25-40) 

With respect to Claim 13, the combination of Levi, Rowland, and Lambert 
disclosed a method according to claim 1 , wherein said collected information about said 
registered user includes: a typing speed over a keyboard; a voice intonation. (Lambert - 
Column 3 Lines 25-50, Column 4 Lines 50-60) 
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With respect to Claim 15, the combination of Levi, Rowland, and Lambert 
disclosed a method according to 1 , claim, wherein said credentials includes: knowing a 
personal identification number (PIN); knowing a password; and possessing a token or 
smartcard. (Lambert - Column 3 Lines 25-50, Column 4 Lines 50-60) 

Response to Arguments 

Applicant's arguments filed 06/13/2005 have been fully considered but they are 
not persuasive. The reasons for non-persuasiveness are set forth below. 

The Applicant presents the following argument(s) [in italics]: 
The Applicant suggests that it is questionable whether and why the skilled 
artisan would look to supplement the teaching of the Levi primary reference. 
Considering what are the essential features of each of the inventions in these patents, 
the skilled artisan would not instinctively take the isolated disclosures of "logout" and the 
"logout anomaly detector" of Rowland and add it to the overall teaching of the Levi 
reference. The Applicant also suggests that there is no suggestion in Levi that his 
system as disclosed is unsuitable which would warrant the combination with the 
Rowland reference. The Applicant suggests it is unlikely that the person skilled in the 
art would use Rowland in combination with Levi, and vice versa. The lack of appropriate 
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commonality of the disclosures in the two inventions cited as prior art as applied to the 
present invention serves to rebut the rejection of the claims under 35 U.S.C. 103. 

The Examiner notes many common features between Levi and Rowland. In 
Column 27 Lines 5-10 and Column 28 Lines 25-25 Levi disclosed of a theft listening 
process and reporting that a monitored device has been stolen. In Column 12 Lines 35- 
45 Levi describes a login procedure which serves to prevent unauthorized users from 
gaining access to the system. In Column 1 Lines 5-10 and Column 2 Lines 65 Rowland 
describes an intrusion detection system with real-time session monitoring for login and 
logout procedures and detecting normal user behavior patterns. 

In response to applicant's argument that there is no suggestion to combine the 
references, the examiner recognizes that obviousness can only be established by 
combining or modifying the teachings of the prior art to produce the claimed invention 
where there is some teaching, suggestion, or motivation to do so found either in the 
references themselves or in the knowledge generally available to one of ordinary skill in 
the art. 

The Examiner notes that in Rowland Column 2 Lines 10-35, Column 2 Lines 45- 
55, Column 9 Lines 40-55 Rowland describes several desirable features, stating 'great 
benefit if you have an eclectic user base who work strange hours or login from multiple 
time zones'. In Levi Column 33 Lines 45 Levi states that the operations center could 
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encompass several locations to serve different geographical area. Thus the Examiner 
concludes that Levi would have been highly motivated to look for disclosures regarding 
monitoring systems and incorporate additional features such as presented by Rowland. 

The Applicant presents the following argument(s) [in italics]: 
The Applicant suggests there is no suggestion in Levi that warrants its 
combination with Rowland and Lambert. 

The Examiner notes many common features between Levi and Rowland. In 
Column 27 Lines 5-10 and Column 28 Lines 25-25 Levi disclosed of a theft listening 
process and reporting that a monitored device has been stolen. In Column 12 Lines 35- 
45 Levi described a login procedure which serves to prevent unauthorized users from 
gaining access to the system. In Column 1 Lines 5-10 and Column 2 Lines 65 Rowland 
described an intrusion detection system with real-time monitoring for login and logout 
procedures. 

The Examiner notes that in Rowland Column 2 Lines 10-35, Column 2 Lines 45- 
55, Column 1 Lines 60-65, Column 9 Lines 40-55 Rowland describes several desirable 
features, stating 'great benefit if you have an eclectic user base who work strange hours 
or login from multiple time zones'. In Levi Column 33 Lines 45 Levi stated that the 
operations center could encompass several locations to serve different geographical 
areas. Thus the Examiner concludes that Levi would have been highly motivated to 
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look for disclosures regarding global monitoring systems and incorporate additional 
features such as those presented by Rowland. 

The Examiner notes that Rowland Column 2 Lines 20-25, Column 2 Lines 45-55, 
Column 3 Lines 50-65, Column 7 Lines 55-65, Column 9 Lines 20-35 Rowland 
described establishing and detecting normal or suspicious user behavior by comparing 
real-time behavior with dynamically built user signatures and other unique user patterns. 
In Lambert Column 2 Lines 10-15 Lambert described a more advanced system for 
authenticating users using biometric information. Thus the Examiner concludes that a 
person of ordinary skill in the art, upon having combined Levi and Rowland, would have 
been motivated to look for other means to acquire or detect said unique user patterns 
such as those presented in the smart card system by Lambert, and implement said 
combination of Levi, Rowland, and Lambert. 



Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .1 36(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 



Application/Control Number: 10/035,724 



Page 15 



Art Unit: 2144 

extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Greg Bengzon whose telephone number is (571 ) 272- 
3944. The examiner can normally be reached on Mon. thru Fri. 8 AM - 4:30 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, David Wiley can be reached on (571 )272-3923. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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